A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) Responsive to communication(s) filed on 10 January 2002. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-24 is/are pending in the application. 

5) [ ] Claim(s) is/are allowed. 

6) [X] Claim(s) 1-24 is/are rejected. 

7) [ ] Claim(s) 2-4, 10-12 and 18-20 is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

10) [X] The drawing(s) filed on 10 January 2002 is/are: a) [X] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

DETAILED ACTION 

1. This action is responsive to the application filed on 10 January 2002. Claims 1-24 
are pending. Claims 1-24 are directed to a method, software, and apparatus to 
"Facilitate Individual & Global Lockouts to network Applications." 

Priority 

2. Applicant has not complied with one or more conditions for receiving the benefit 
of an earlier filing date under 35 U.S.C. 109(e) or 120 as follows: 

The later-filed application must be an application for a patent for an invention which is 
also disclosed in the prior application (the parent or original nonprovisional application 
or provisional application); the disclosure of the invention in the parent application and 
in the later-filed application must be sufficient to comply with the requirements of the 
first paragraph of 35 U.S.C. 112. See Transco Products, Inc. v. Performance 
Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994). 

Claim Objections 

3. Claims 2, 3, 4, 10, 11, 12, 18, 19, and 20 are objected to because of the following 
minor informalities. In above claims, a colon (:) should follow the transitional phrase 
"comprising." Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 
of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art 
to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-5, 9-13, and 17-21 are rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Rowland (US 6,405,318) in view of Ruvolo (US 5,928,363). 

Rowland teaches the invention substantially as claimed including a computer 
implemented intrusion detection system and method that monitors a computer system in 
real-time for activity indicative of attempted or actual access by unauthorized persons or 
computers. (See abstract). 
Claims 1, 9, 17: 

As for above claims Rowland teaches a method, a computer-readable storage 
medium and apparatus to facilitate locking an adversary out of a network application, 
comprising: (See Fig. 3.) 

    receiving at a server a request, including an authentication credential, to 
    access the network application, wherein the authentication credential includes a 
    user identifier associated with a user and a network address of a user device; 

    examining an audit log to determine if the user identifier has been locked 
    out from the network address; and (See col. 4, lines 15-25.) 

    if the user identifier has been locked out from the network address, 

        denying access to the network application; (See col. 7, lines 32-37.) 

    otherwise, checking the authentication credential for validity, and 

        if the authentication credential is valid, (See col. 8, lines 52-60.) 

            allowing access to the network application, 

        otherwise, 

            logging a failed attempt in the audit log, wherein the 
            user identifier is locked out from the network address after 
            a threshold number of failed attempts, and (See col. 7, lines 37-40.) 

            denying access to the network application; (See col. 8, line 1.) 

    whereby the adversary is prevented from accomplishing an attack by 
    masquerading as the user. 

Rowland does not specifically address receiving at a server a request, including 
an authentication credential, to access the network application. However, Ruvolo 
discloses a client establishing a first session with an application executing on a server. 
(See col. 4, lines 31-34, 57-60.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with receiving at a server a request as taught by Ruvolo preventing an unauthorized 
user from gaining access by locking said user from the system. 
Claims 2, 10, 18 

As for above claims Rowland teaches the method of claim 1, the computer-readable 
storage medium of claim 9, the apparatus of claim 17 further comprising 
imposing: 

a global lockout for the user identifier after a threshold number of network 
addresses are locked out for the user identifier. (See col. 7, lines 37-40; col. 8, line 1.) 

Rowland does not specifically address a threshold number. However, Ruvolo 
discloses this concept of the user persisting more than a predetermined number of 
times (threshold). (See col. 5, lines 5-8.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with a predetermined number of times as taught by Ruvolo preventing an unauthorized 
user from gaining access by globally locking out said user. 
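
The lockout flow recited for claims 1 and 2 above, as an added Python illustration that is not part of the Office action, the application, or any cited reference. The class name, both threshold values, the sample account, and the sample addresses are assumptions constructed for the example.

```python
import hashlib, hmac, os
from collections import defaultdict

FAIL_THRESHOLD = 3  # failed attempts before (user, address) is locked out (assumed value)
ADDR_THRESHOLD = 2  # locked-out addresses before a global lockout (assumed value)

class LockoutGate:  # hypothetical name, not taken from the claims or references
    def __init__(self, users):
        self.creds = {}
        for user, password in users.items():
            salt = os.urandom(16)
            self.creds[user] = (salt, self._kdf(password, salt))
        # Audit log: failed-attempt count per (user identifier, network address).
        self.audit_log = defaultdict(int)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def locked_addresses(self, user):
        return {a for (u, a), n in self.audit_log.items()
                if u == user and n >= FAIL_THRESHOLD}

    def request(self, user, address, password):
        locked = self.locked_addresses(user)
        if len(locked) >= ADDR_THRESHOLD:      # claim 2: global lockout
            return "denied: global lockout"
        if address in locked:                  # claim 1: per-address lockout
            return "denied: address lockout"
        salt, stored = self.creds.get(user, (b"\0" * 16, b""))
        if hmac.compare_digest(self._kdf(password, salt), stored):
            return "allowed"
        self.audit_log[(user, address)] += 1   # log the failed attempt
        return "denied: bad credential"

def demo():
    # Constructed scenario: guessing from two addresses, then the real user.
    gate = LockoutGate({"alice": "correct horse"})
    out = []
    for addr in ("203.0.113.5", "203.0.113.9"):
        for _ in range(FAIL_THRESHOLD):
            out.append(gate.request("alice", addr, "guess"))
        out.append(gate.request("alice", addr, "correct horse"))
    out.append(gate.request("alice", "198.51.100.7", "correct horse"))
    return out
```

Once the second address is locked, even a valid credential from a third address is refused, which is the denial-of-service trade-off a global lockout carries for the legitimate user.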
Claims 3, 11, 19 

As for above claims Rowland teaches the method of claim 2, the computer- 
readable storage medium of claim 10, the apparatus of claim 18 further comprising: 
removing a lockout after a predetermined period of time. 

Rowland does not specifically address removing a lockout after a predetermined 
period of time. However, Ruvolo discloses reauthentication process at the "End of 
Authenticated Session" which implies that the lockout is constructively removed after a 
predetermined period of time. (See col. 8, lines 5-28.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with the reauthentication process as taught by Ruvolo trapping an unauthorized user by 
lulling the persistent user into an extended session. 
Claims 4, 12, 20 

As for above claims Rowland teaches the method of claim 2, the computer- 
readable storage medium of claim 10, the apparatus of claim 18 further comprising: 
manually removing a lockout by an administrator of the server. 

Rowland teaches that the system administrator may also select the actions to be 
taken by the control function. (See col. 8, lines 32-33.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to manually remove the lockout as taught by Rowland. 
Claims 5, 13, 21 

As for above claims Rowland teaches the method of claim 1, the computer-readable 
storage medium of claim 9, the apparatus of claim 17 wherein the 
authentication credential includes a user name and a password. 

Rowland does not specifically address the authentication credential to 
include a user name and a password. However, Ruvolo expressly discloses 
authentication credential to include a user name and a password. (See col. 7, lines 32- 
36.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with the authentication credential as taught by Ruvolo providing security to the system 
by allowing access only to authenticated users. 

5. Claims 6, 14, 22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Rowland as applied to claims 5, 13 and 21 above, in view of Limisco (U.S. 
6,662,228). 

As for above claims Rowland teaches the method of claim 5, the computer- 
readable storage medium of claim 13, the apparatus of claim 21 wherein checking the 
authentication credential for validity involves: 

verifying that an administrator has authorized access to the network application 
for a combination of the user name and the password; and 

determining if the request violates an access rule in a rule table. 

Rowland does not specifically address verifying whether an administrator has 
authorized access. However, Limisco expressly discloses verification of authorized 
access for an administrator. (See col. 6, lines 28-37 and col. 3, lines 23-32.) 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with the administrator's verification system as taught by Limisco allowing the system to 
be administered since user accounts must be created and manipulated. 

6. Claims 7-8, 15-16, and 23-24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Rowland as applied to claims 6, 14 and 22 above, in view of See et 
al. (U.S. 6,339,830). 
Claims 7, 15, 23 

As for above claims Rowland teaches the method of claim 6, the computer-readable 
storage medium of claim 14, the apparatus of claim 22 wherein the 
access rule can specify: 

an allowed time-of-day; 

an allowed number of access attempts; 

an allowed network address; and 

an allowed network domain. (See col. 6, line 35.) 

Rowland implicitly encompasses network domain. (See col. 6, line 35.) Rowland 
does not explicitly disclose allowed number of access attempts nor does it expressly 
teach allowed network address. However, See pointedly teaches these limitations at 
col. 6, lines 44-56. 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with the authentication service taught by See allowing the system to be thorough by 
providing different parameters to check the authentication credential for validity. 
Claims 8, 16, 24 

As for above claims Rowland teaches the method of claim 1, the computer-readable 
storage medium of claim 9, the apparatus of claim 17 wherein the network 
address includes Internet Protocol address. 

Rowland does not explicitly disclose Internet Protocol address. However, See 
pointedly teaches Internet Protocol address at col. 8, lines 1-2. 

Hence, it would have been obvious at the time of the invention for an artisan of 
ordinary skill in the art to combine the intrusion detection system taught by Rowland 
with the authentication service taught by See allowing the system to be encompassing 
by reaching through the Internet. 

Conclusion 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Emmanuel Coffy whose telephone number is (571) 272-3997. 
The examiner can normally be reached on 8:30 - 5:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571) 272-3997. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Emmanuel Coffy, Esq. 
Patent Examiner 
Art Unit 2157 